Author Posts

May 13, 2016 at 8:53 pm

I've got the following Name/Expression working to list only the CN of each group this user is a member of.

$WIPMemberOf = @{n="MemberOf";e={($_ | Select -ExpandProperty MemberOf) | Where {$_ -match "CN=(.*?),"} | ForEach{$Matches[1]}}}
$ADUC_Users | where {$_.samaccountname -like 'GRANT.HARRINGTON'} | Select $WIPMemberOf | fl

The only remaining issue is the output is still listed in curly braces.

MemberOf: {Group01,Group02,SomeOtherGroup...}

I'm not sure where to place -join ',' as I'm hoping to get it output like this:

MemberOf: Group01,Group02,SomeOtherGroup,LastGroup

May 14, 2016 at 12:35 am

This is an intriguing way of doing this, but there ya go.

$WIPMemberOf = @{n="MemberOf";e={(($_ | Select -ExpandProperty MemberOf) | Where {$_ -match "CN=(.*?),"} | ForEach{$Matches[1]}) -join ","}}

May 14, 2016 at 6:52 am

That worked nicely. Thank you.

My reason for doing it this way is that when I have multiple properties that have a expandable attribute, I can create multiple name/expression variables and view only the "name" (CN).

Using your response I was able to quickly achieve this:
MemberOf: Group01,Group02,SomeOtherGroup,LastGroup
DirectReports: User01, User02, LastUser

If you have a suggestion for another way to achieve the same, I'd be interested in that.

Thanks again.

May 14, 2016 at 9:35 am

Hey Grant,
What makes your approach interesting is the use of the predefined hash table variable $WIPMemberOf to use to calculate the value in the select-object. I had just never seen that approach before. With that said; however, this approach does end up breaking your information into multiple objects of just name and value as opposed to one object that can use the rest of the powershell cmdlets to control the presentation. Let me give an example of what I mean.

You can use Select object from your Get-ADUser results to just get the properties you want and create custom properties if needed.

Get-ADUser -filter {samaccountname -eq 'user1 '} -Properties MemberOf,DirectReports |
Select-Object SamAccountName,
              @{Label = 'MemberOf'; Expression = {($_.MemberOf | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}},
              @{Label = 'DirectReports'; Expression = {($_.DirectReports | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}}

Results:

SamAccountName                               MemberOf                                     DirectReports                              
--------------                               --------                                     -------------                             
user1                                        WindowsAdmins,CA Power Users                 export,Power 2. User,Power 1. User

Since this keeps all of the data in a single object, you can use the formats to change how the data is displayed

Get-ADUser -filter {samaccountname -eq 'user1 '} -Properties MemberOf,DirectReports |
Select-Object SamAccountName,
              @{Label = 'MemberOf'; Expression = {($_.MemberOf | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}},
              @{Label = 'DirectReports'; Expression = {($_.DirectReports | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}} |
Format-List

Results:

SamAccountName : user1 
MemberOf       : WindowsAdmins,CA Power Users
DirectReports  : export,Power 2. User,Power 1. User

You can even export this using the output or export cmdlets like Export-CSV or Export-CliXML

Get-ADUser -filter {samaccountname -eq 'user1 '} -Properties MemberOf,DirectReports |
Select-Object SamAccountName,
              @{Label = 'MemberOf'; Expression = {($_.MemberOf | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}},
              @{Label = 'DirectReports'; Expression = {($_.DirectReports | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}} |
Export-Csv c:\temp\export.csv

As an additional option, you can also do a custom powershell object rather than using select-object if it make more sense, and gives you the same ability to pipe into other powershell cmdlets for additional processing.

Get-ADUser -filter {samaccountname -eq 'user1 '} -Properties MemberOf,DirectReports |
ForEach-Object {
    [pscustomobject]@{
        SamAccountName = $_.samaccountname
        MemberOf = ($_.MemberOf | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","
        DirectReports = ($_.DirectReports | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","
    }
}

May 14, 2016 at 10:01 am

Thank you for that insight. I'm a fan of custom objects for my projects whenever they make logical sense to use them, and may go that route.

Biggest reason for the Select $somevariable, is so I can group attributes based on the GUI interface for record keeping

$General = select attributes that are on the General tab of ADUC
$Address = select attributes that are on the Address tab of ADUC
etc....

Thank you for the other options provided (and solving the original question I had), it gives me some flexibility in my scripts.